Category Archive 'Security'
04.11.07

Breaking news: iPhone Firmware 1.1.2 comes out with UK version, breaks Jailbreak (sigh)

- Security, Telecommunications, iPhone, Breaking News -

The battle resumes…

Gizmodo reports that the new UK iPhones ship with Firmware 1.1.2, which packs some new features. Most notable among them: it renders current Jailbreak software useless, thus confirming everyone’s fear that any subsequent updating will truly be a long, drawn-out running battle until Apple just plain leaves the damn thing unlocked and open in the first place. No third-party apps for now, guys.

So far, none of the new features of 1.1.2 are enormously useful for anyone outside Europe, so that might make Jailbreakers feel a little better. Among the additions of the new firmware is support for 12 new languages, special keyboard layouts for the French and German versions and bundled access for The Cloud wifi hotspots. For this round at least, the battle is largely on the European front.

[Photo cribbed from Gizmodo]

25.10.07

Leopard’s anti-virus secret: scrambled eggs

- Security, Operating System, Leopard -

OS 10.5’s got lotsa new stuff, particularly in the field of security. In fact, Apple’s got about 11 new security features incorporated into Leopard.

Perhaps the most interesting of the lot is the security technology called ASLR, or Address Space Layout Randomization, whose basic concept is to randomly and periodically jumble up the locations of key data areas, thus preventing malware attacks that rely on the established addresses of vulnerable data, or on predicting their locations. It’s a bit like scrambling eggs.

This code-scrambling technology makes the system less prone to virus and worm attacks, and mixes things up for a more lively and exciting time. One more reason to get Leopard on Friday.

23.08.07

iPhone unlock: it’s real, and it’s here

- Hardware, Security, Hacks, Telecommunications, iPhone -

It’s real – the iPhone Unlock works, and is becoming widespread here in Mac-A-DoodleLand, the Philippines.

I’ve always hesitated to write about these iPhone unlock stories because they’ve always been remote and distant from me, like they happen on another planet and I just hear the stories third hand from space travelers passing through and try to pass them on to the people here on Earth. These SuperSIM techniques from Europe or the United States exist somewhere so far away they might as well be myths and legends to the poor iPhone-deprived in Asia.

This afternoon, I get a call from an old friend who happened to be one of the very first here to own an iPhone (a silly prospect because in the Philippines, it’s just a glorified iPod). Early on in the game he somehow got most of the non-telecom features to run, but in reality he just owns the world’s fanciest and most expensive 4gb digital music player.

So today he calls me and goes, “How does my voice sound?” I go, “What?” and he says, “Does it sound clear? Clear as a bell?”

I said, “What? …nooooo-o.”

Smug silence.

“No!”

And so began the first call I’ve received from an iPhone – on a local Globe Telecom Platinum account. And my first direct experience that it’s real, that it can be done. And has been, several times over, already.

My friend had it unlocked by someone using the SIM card reader/writer trick with downloaded software and Silvercards, which are those credit cards embedded with a blank, writable SIM chip that aren’t really die-cut and meant to pop out for use in a cell phone. (You need to carefully trim off the excess credit card plastic with a pair of sharp scissors or a box cutter into the distinctive shape of a cellphone SIM before you can use the chip.)

The hardware hack works by copying info off the original (local) SIM chip, then modifying it with the software by adding codes that make the phone think it’s an AT&T account being used, while in reality it’s a local account. Then it’s all copied onto a Silvercard, or some blank chipped card like those used for hotel keys or electronic payment. (It’s kinda-sorta like SIM spoofing.)

The someone who did the deed for my friend has done it for at least a half dozen people already (all of whom I know, incidentally), and can do it for you too if you pony up for the expenses – around PHP5500 (slightly over US$100) per unlock, including the materials. (Ironically, he does it on a Windows PC, not a Mac.)

It’s spreading like wildfire too. My other friends are ordering units from the US and are lining up to have the unlocking done.

It’s not exactly a service, but I can see a lucrative business waiting somewhere in the wings, if not for this guy, for some other unscrupulous folk – at least until a better option comes along, or the European iPhone is released unlocked later this year as rumors claim.

A few caveats though: no visual voicemail (of course not, silly), and no YouTube (which was available pre-unlock, oddly enough). Otherwise, it’s good to go, and no one’s the wiser. Not Apple, not AT&T, not the local carriers (who don’t really care - they get the business anyway).

Apparently Globe accounts are recreated quite easily, as are Sun Cellular numbers, but Smart accounts seem nearly impossible to fake (hats off to Smart). The original AT&T SIMs aren’t even needed, just the other carrier SIM so they can be copied. Older accounts seem easier to copy too. Post- or pre-paid, it doesn’t matter.

But it isn’t all roses. One curious flaw is that Caller ID is erratic. Sometimes it works and sometimes it doesn’t – seemingly because the iPhone requires a complete and precise format of numbers for the Caller ID to work. The local implementation of this seems to be very poor as far as Globe is concerned, since some numbers carry the full prefix (+63915xxxxxxx) while some just need a leading zero instead (0915xxxxxxx).

Additionally, my friend didn’t seem to have any trouble applying the updates to his iPhone even after his faux activation. So, there’s really nothing holding the hordes back now; I fully expect to see more working iPhones here in the coming week. And elsewhere in the world, I suppose.

So the local carriers win with even more airtime used (hey, you gotta show off, right?), Apple wins because more people will buy the damn thing now, and as expected, the big loser is still AT&T, who’s once again massively SOL, and whose SOLness will now increase exponentially with each day that passes.

04.08.07

iPhone security too loose

- Security, Operating System, iPhone, Apple Inc. -

The man who uncovered the security hole that led to Apple’s recent software update of the iPhone has criticized Apple’s general platform security for the new cellphone as being largely poor, and their attitude “negligent”.

Charles Miller spoke at the Black Hat security conference in Las Vegas the other day and slammed Apple’s security practices. Quoted in a ChannelWeb report, Miller said:

“Before they released the patch, I couldn’t really say that much because I didn’t want to give anyone enough to replicate the exploit. It was really frustrating, because a lot of people leapt to Apple’s defense without really knowing the details. Everyone said, ‘Oh, everyone gets bugs,’ and ‘Apple’s good on security,’ and ‘They’re better than Microsoft.’ When you look at the details of this bug, though, the reality is that Apple’s been negligent, I think.”

The criticism extends to the Macintosh as well, and Miller says that the problem stems from Apple’s inclusion of sections of older, outdated, less secure open source code in the newer OS X platform, leaving pre-existing vulnerabilities for hackers to take advantage of.

More on the issue from MacNN.

30.07.07

BrickPod

- Hardware, Security, iPods, Apple Inc. -

Apple has patented a technology which would brick an iPod if someone tries to operate it on an unauthorized computer.

Apple already has software that pairs iPods with the owners’ computers, and it would be a simple matter to put in something that would totally disable the unit by never allowing it to charge again. When attached, a security code in the iPod would be matched to a code in the computer, and if they don’t match, kaboom. Or rather, pfft.

The patent states that a “guardian circuit” could be triggered when this happens which in turn would permanently disable the charging circuit. Then it’s brick time.

Cool if a thief steals your iPod and sells it, but what about if someone just wanted to get a file off your player in disk mode? Scary tech, if you ask me. See patent app here.

Welcome to Mac-A-Doodle, Hinge Inquirer Publications group editor in chief Adel Gabot's Mac blog for INQUIRER.net. Manila-based INQUIRER.net is the online home of the Philippine Daily Inquirer Group of Publications.